ConfigMgr and Flexera Software CSI (3. Party Patch Management): Install the CSI Plugin

This is a quick and dirty how-to guide, as I have a couple of customers who have asked for the same – how to install the CSI Plugin in order to connect the Flexera CSI to your ConfigMgr/WSUS/SUP infrastructure, where you get the ability to monitor 3rd party vulnerabilities and remediate any threats by patching or removing software. This is a great management tool add-on to your WSUS/ConfigMgr infrastructure and is a must for a complete patch management solution. If you are new to Flexera Software CSI I suggest you go to the following links where you can read up [...]

May 14th, 2017

A couple of nice little OSD tweaks in ConfigMgr 1702

ConfigMgr 1702 has a wealth of new features and client management improvements. This one might not be the reason you upgrade, but it’s still nice and worth a blog post. With 1702 you can customize your task sequence information and control what’s being displayed to the end-user. In this example you should notice a few changes in Software Center. Looking at my Upgrade task sequence, I now have information about download time/size and restart. When I start the task sequence, I have interesting information from my IT department telling me why the company is upgrading to Windows 10. All of [...]

Android for Work in Configuration Manager 1702

Android for Work support was introduced in Intune standalone in late 2016. With the latest release of Configuration Manager current branch we also have AFW support in hybrid environments. In order to configure AFW, there are a few things you need to ensure first: have a couple of Android devices with Android 5.0 or higher, and create a Google account to be used as the Android for Work admin account. Configure Android for Work: in the ConfigMgr console, navigate to Administration workspace / Overview / Cloud Services / Microsoft Intune Subscriptions and click Configure Platforms / Android For Work. Notice the dialog [...]

March 27th, 2017

Default Site-Boundary-Group and boundaries

The purpose of the Default Site-Boundary-Group is to service clients that are not served by any other boundary group (that being local boundary group or neighbor boundary group). However, in ConfigMgr 1610 there has been some confusion around the fact that you can add boundaries to the Default Site-Boundary-Group. I’ve been asked a couple of times if we should add all boundaries to the Default Site-Boundary-Group since the group is automatically configured for Site assignment. My take on that is NO, don’t use the Default Site-Boundary-Group as you don’t really control it. You will also notice that you can’t [...]

January 23rd, 2017

ConfigMgr Software Update scanning failed with OnScanComplete with error=0x80244017

Scanning, deploying and installing software updates should be a walk in the park, and most of the time it is. But (luckily) sometimes we run into issues that we haven’t seen before. Like in this case where clients stopped scanning for software updates in ConfigMgr 1602. What I have learned in my years working with ConfigMgr is that software update issues are often caused by older versions of the Windows Update agent, a configuration change on the WSUS server(s) or a change in the infrastructure. The challenge is to figure out what category your issue falls into. Normally, it’s fairly [...]

April 24th, 2016

Upgrade SCCM 1511 to 1602 when Service Connection Point is set to Offline, on-demand

Last week Microsoft announced 1602 for SCCM Current Branch Production Environments. Receiving updates to your System Center Configuration Manager Server(s) is today more important than ever in order to have your SCCM environment keep up with Windows 10 and the ever-faster pace of cloud development, where new features are added constantly. To make the update experience of your SCCM solution as smooth as possible, Microsoft has introduced dynamic updates for SCCM. This basically means that you will get a notice in your SCCM Administration console that a new update is available for installation. But there is a but, [...]

March 19th, 2016

Windows WI-FI profiles

Currently working on an Enterprise Mobility project, and thought I should share a little trick. In the project, we are deploying WI-FI profiles to Windows 10 devices. Some WI-FI profiles use SCEP/NDES certificates while others are configured using a pre-shared secret. When working with Windows WI-FI profiles, the only way to add a pre-shared secret to the profile is by creating a custom XML file. An easy way to create the WI-FI profile XML file is to create the profile on a Windows 10 computer and then export the profile. To do that, use the steps below: To list all [...]

December 2nd: Part 2: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

It's December 2nd and Christmas is just around the corner! Yesterday Jakob kicked off the Coretech December Calendar with a great post about "Triggering a webhook from a SharePoint workflow using Out-of-the-box Activities" (check out his blog post). That was the first; this is the second post in the Coretech blog series that will continue until December 24th - Christmas Eve! :) In Part 1 I explained how you can utilize ConfigMgr Compliance Baselines for uninstalling software like Java, Adobe etc. with the help of PowerShell and WMI. Well, in Part 1 we used the Win32_Product class which is not recommended [...]

Part 1: Uninstall Java (or any other software) with ConfigMgr Compliance Baselines

Compliance Items and Compliance Baselines in ConfigMgr are so powerful! And with some PowerShell magic you can almost use them to do anything you like on a Windows based computer – only your imagination will be the showstopper! Here I will show how you can uninstall software using WMI and Compliance Items in SCCM. However, it is important that you read the following articles as the uninstallation process uses the win32_product WMI class, which is known for its evilness. Thanks to Kaido, Jürg and Torsten for pointing this one out. An updated post has been created using a better and more [...]

Microsoft EMS News App for Windows 10 and Windows Phone 10

Update: The app has now changed name and is published to the Microsoft store under the name Microsoft EMS Resources. An updated blog post has been published. As an IT-Pro I am used to staying up to date on the latest technology that I am working with. And with on-premises solutions like traditional ConfigMgr implementations, staying up to date is not too hard with a little bit of effort, since new features and updates are not added daily as opposed to what is going on in the cloud. The cloud is evolving so fast with new features and services added daily [...]

November 11th, 2015

Troubleshooting: An error occurred when creating the WSUS Signing Certificate (Secunia)

Lately I have been doing some Secunia integrations with System Center 2012 R2: Configuration Manager (SCCM/ConfigMgr 2012). When you are setting up the connector between Secunia CSI and WSUS, one of the first things the wizard asks you to do is to configure a WSUS Self-Signed Certificate. The WSUS signing certificate is required to create and install local packages. Without it, only packages from Microsoft Update will be installed. However, this time I got this error when trying to 'Automatically create and install certificate' during the Connector Wizard: An error occurred when creating the WSUS Signing Certificate. Now this [...]

October 20th, 2015

How to: Create custom SQL-based Reports in System Center 2012 R2: Configuration Manager

A customer asked me for a “how-to” on how to create reports in SCCM 2012, so why not share with everyone. This post is not intended to show how to write or design queries, but to show you how to create a report based on a SQL query you might already have. Even though we are skipping how to write SQL queries for now, this post is still going to be a bit long. Time for that cup of coffee! First some requirements: You need to have an SQL Server instance for SCCM with SQL Reporting Services running. You need to have [...]

Upgrade System Center Configuration Manager Console with PowerShell

Since Service Pack 1 was released for SCCM 2012 R2 I have upgraded several environments. A couple of customers wanted me to create a PowerShell script to uninstall the existing ConfigMgr Console and install the new updated version with the latest cumulative updates and hotfixes. If you create a package to distribute it with SCCM, make sure you point the Data source to the location of the Client installation files, Script, KB3084586-msp and kb3074857-msp. The installation command for the program will then be: PowerShell.exe -file "script.ps1". Remember to set PowerShell execution policy to "Bypass" under Client Settings. This will not affect [...]

3rd party updates & Compliance using Secunia and System Center 2012 ConfigMgr

This is the 3rd and final post in my series on Secunia CSI and System Center 2012 Configuration Manager integration. Part 1 focused on installing and configuring, Part 2 focused on deploying and installing 3rd party software updates. This blog post will introduce you to the monitoring options in the product. You can monitor compliance in either ConfigMgr or in Secunia CSI. The difference between the two is that ConfigMgr will only show you compliance for the updates you have published to WSUS, whereas CSI will list compliance for all applications found on the systems. Tracking compliance in CSI: In CSI [...]

September 5th, 2014

Building PoshCAT Part 3 – Enabling PowerShell Remoting through Group Policy for PoshCAT

You may want to read these posts before: · How to install PoshCAT · Building PoshCAT Part 1 – Create different Client Actions lists · Building PoshCAT Part 2 – Adding your own custom functions. One of the most important things you need to know before you start using PoshCAT is that it relies on PowerShell remoting. If you don’t configure PowerShell remoting on your computers, then the Client Actions will fail. In this post I will show how you can enable PowerShell remoting through Group Policy, but you can also configure it manually. To enable PowerShell remoting manually you [...]

Building PoshCAT Part 2 – Adding your own custom functions

Last week I showed how you can create different Client Actions lists for different support groups in your organization, and in this post I will show how you can add/create your own custom functions for PoshCAT. So let’s assume that you would like to query applied Computer Group Policy objects. If you want your custom function to return some kind of information, then it must return a PSObject. Here is the function that I use in this example. This function queries only applied/enabled policies. This function creates the following output. To add this function to PoshCAT: 1. Open WorkerFunctions.ps1 file [...]

Quick and Dirty Management Point check

If you have a big Configuration Manager environment and you don't have a monitoring solution like SCOM or NAGIOS, then PowerShell can help you too. This script queries all Management Points from the SMS_SystemResourceList WMI class and checks the MPCERT and MPLIST website status. If you want to use this script, then run it on your Central, CAS or Primary Site Server like this: Get-CMSMPStatus.ps1 -SiteCode PS1 -SiteServer Localhost -OutPut c:\Temp\MPStatus.csv. This will create a CSV Report (example below). This script should work with PSH v2 and v3. You can download the code example from here

January 29th, 2013

New Agents will not re-assign to ConfigMgr 2012 Site

Many are waiting for ConfigMgr 2012 SP1 before they actually go from ConfigMgr 2007 to ConfigMgr 2012. If you for some reason have a Group Policy that assigns clients to a specified Site code, you will hit a barrier migrating your clients with the new Agent. The installation itself will go fine but it stops there. The Group Policy tattoos the Assigned Site Code locally on the machines that are hit by the policy. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client] "GPRequestedSiteAssignmentCode"="PS1" What you can do from here is either change the Site Code in the same, or a new Group Policy hitting the migrated [...]

December 11th, 2012

Coretech Package Source Changer Beta

UPDATE: New version uploaded fixing a bug in list and improving error logging. Please send any logs if your application crashes. This post describes the tool and configuration. Blog post by Kent Agerlund, describing how to use it in your environment. 1. Introduction: As we start migrating from CM2007 to CM2012, one of the requirements is that the package source used for packages must be a UNC. We have seen many site installations where the package source is either a local source on the site server or a UNC pointing to the site server. In either [...]

September 11th, 2012

Extending OSD progress UI Info in SCCM

While running a task sequence, info on what is happening is shown in the progress UI, well the name of the Task Sequence, and the step that is running anyway!! But what if we could extend that info to let us know other things as well! Turns out that is as easy as typing a little extra text in the Task Sequence editor. Example 1: Let's say you are administrating a large environment, doing several OSD tests against a number of MPs and DPs. Now wouldn’t it be nice if we could actually see where data is picked up, right [...]

Check If needed OSD packages are present on a DP

I have a few customers who have many sites, and even more Distribution Points. They also have several different task sequences for deploying everything from XP to Server08R2. Every now and then, they will create new DPs that need to be updated with packages, and because of space and bandwidth issues, they do not necessarily want everything distributed to these DPs. So how do we go about adding only the stuff we need to the new (or existing) DP? 1 – Download “ConfigMgr DP Util” by Cory Becht, and install it on your computer. 2 – Run the [...]

How to create a context menu for SMS Client Center in the Configuration Manager 2007 console

If you have ever worked with Configuration Manager 2007 you probably know about the great freeware tool called SMS Client Center created by Roger Zander. The latest version of SMS Client Center is available for download. You install the tool locally on your computer and it does not require the installation of the Configuration Manager console. You can connect to one Configuration Manager client at a time by typing the DNS name or IP address of the client. But you can actually launch the tool from within the Configuration Manager console without the need to manually type in [...]

October 29th, 2011